Information
The network location feature of the Mac is a very powerful tool to manage network security. By creating different network locations, a user can easily (and without administrative privileges) change the network settings on the Mac. Using only the network interfaces needed at any specific time limits exposure to network attacks.
A little understanding of how the Network System Preferences pane works is required.
Rationale:
Network locations allow the computer to have specific configurations ready for network access when required. Locations can be used to manage which network interfaces are available for specialized network access.
Impact:
Unneeded network interfaces increase the attack surface and could lead to a successful exploit.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Perform the following actions to create and edit multiple network locations as needed:
Open System Preferences
Select Network
Select Location
Select Edit Locations from the Locations popup menu
Select any unneeded network locations
Click the minus button for any unneeded locations
Select Done
Select any remaining network locations
Select any unneeded network interfaces
Select the minus button to remove them
Note: Delete the Automatic location for any device that does not use multiple network services set for DHCP or dynamic addressing. If network services like FireWire, VPN, AirPort or Ethernet are not used by a specific device class, those services should be deleted.
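To check the result of the steps above from Terminal, the following added example (not part of the benchmark) reads the output of `networksetup -listallnetworkservices` and reports every service that is not on an allowlist. The allowlist, the `NEEDED` variable and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the benchmark): flag network services that are not
# on a site-defined allowlist, using the output of
# `networksetup -listallnetworkservices`.

# Constructed sample of that command's output; a leading "*" marks a
# disabled service.
sample_listing() {
    cat <<'EOF'
An asterisk (*) denotes that a network service is disabled.
Wi-Fi
Thunderbolt Bridge
*Bluetooth PAN
FireWire
EOF
}

# unneeded_services "Name 1|Name 2|..."   (listing on stdin)
# Prints "<state><TAB><service>" for every service missing from the allowlist.
unneeded_services() {
    allowed="|$1|"
    while IFS= read -r line; do
        case "$line" in
            ""|"An asterisk"*) continue ;;      # skip blanks and the header
        esac
        state=enabled
        name=$line
        case "$line" in
            \**) state=disabled; name=${line#\*} ;;
        esac
        case "$allowed" in
            *"|$name|"*) ;;                     # needed: keep
            *) printf '%s\t%s\n' "$state" "$name" ;;
        esac
    done
}

# On a Mac, audit the active location. NEEDED is a hypothetical variable
# holding the allowlist for this device class.
if command -v networksetup >/dev/null 2>&1; then
    echo "Current location: $(networksetup -getcurrentlocation)"
    networksetup -listallnetworkservices | unneeded_services "${NEEDED:-Wi-Fi}"
fi
```

The listing covers the services of the active location, so switch to each remaining location and run the check again.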
Additional Information:
Deleting the Automatic location cannot be undone.